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DETAILED ACTION 

1 . Presently, pending claims are 1 , 4, 6 - 1 2, 15, 23 and 26. 

Continued Examination Under 37 CFR 1.114 

2. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
10/9/2007 has been entered. 

Claim Objection 

3. Claim 1 is objected to because of the following informalities: "according the 
protocol" should be replaced with " according to the protocol". Appropriate correction(s) 
is (are) required. 

4. Claim 5 is objected to because of the following informalities: "according to claim 
[[5]]" should be replaced with "according to claim 1 [[5]]". Appropriate correction(s) is 
(are) required. 

Response to Argument 

5. Applicant's arguments with respect to the subject matter of the instant claims 
have been fully considered but are not persuasive. 

6. As per claim 1 and 28, Applicant asserts prior-arts fail to teach "appending a 
gateway source address with the source address of the packet to the second portion to 
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generate a group header " (amended claim 1) and " appending, to the received packet, a 
group header including a group identifier associated with the private network and a 
gateway address associated with a source member" (amended claim 23). Examiner 
respectfully disagrees because (a) Shimbo teaches appending a gateway source 
address with the source address of the packet to the second portion (Shimbo: Column 
26 Line 28 - 36 & Caronni : Figure 2B & Column 1 2 Line 11 - 1 9) and (b) Caronni 
teaches a Supernet is indeed a private network that has its own internal addressing 
scheme (Caronni: Column 6 Line 8-10) and a Supernet ID is included in the packet 
transformation qualified as a Group ID (Caronni: Column 7 Line 7-13 and Column 9 
Line 1 - 5 & Figure 6). 



Double Patenting 

The nonstatutory provisional double patenting rejection is based on a judicially 
created doctrine grounded in public policy (a policy reflected in the statute) so as to 
prevent the unjustified or improper timewise extension of the "right to exclude" granted 
by a patent and to prevent possible harassment by multiple assignees. See In re 
Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 
225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 
1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 
418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be 
used to overcome an actual or provisional rejection based on a nonstatutory double 
patenting ground provided the conflicting application or patent is shown to be commonly 
owned with this application. See 37 CFR 1.130(b). 
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Effective January 1 , 1 994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 

7. Claims 1,4,6-12, 1 5, 23 and 26 are rejected under the judicially created 
doctrine of obviousness-type provisional double patenting as being unpatentable over 
claims 1,6-9 and 11 of copending application 10/661,903. Although the conflicting 
claims are not identical, they are not patentably distinct from each other because claims 
1, 4 and 11 of the instant application are envisioned by the claims of the copending 
application that contain all the limitations of claims of the instant application and as such 
claims of the instant application are not patently distinct from the earlier copending 
application claim and as such are unpatentable for obvious-type provisional double 
patenting. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the art to which said subject 
matter pertains. Patentability shall not be negatived by the manner in which the invention was 
made. 

8. Claims 1,4, 6, 8, 9, 11, 12, 23 and 26 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Liu (U.S. Patent 2002/0154635), which incorporates the 
reference of Caronni et al. (U.S. Patent 6,970,941) as shown in (Liu: Para [00021 ), in 
view of Shimbo et al. (U.S. Patent 6,185,680). 



Application/Control Number: 

10/661,657 

Art Unit: 2131 



Page 5 



As per claim 1 and 12, Liu / Caronni teaches a method of securing packet data . 
transferred between a first and second member of a private network over a backbone, 
the backbone operating according to a routing protocol (Caronni : Column 2 Line 14-35 
and Column 4 Line 38 - 52), the method comprising the steps of: 

receiving a packet including a private network address comprising a source 
address and a destination address, the packet further including a payload (Caronni : 
Column 1 1 Line 37 - 61 & Liu: Para [0025]); 

apportioning the packet into a first portion and a second portion, wherein the first 
portion includes fields of the packet used for transmission of the packet according to the 
protocol of the backbone including the private network address and the second portion 
includes payload (Caronni : Figure 2B & Column 12 Line 1 1 - 19: the first portion is the 
SRC/DST real address according the protocol of the backbone & Liu: Para [0025]). 

Liu / Caronni does not disclose expressly appending a gateway source address 
with the source address of the packet to the second portion to generate a group header. 

Shimbo teaches appending a gateway source address with the source address 
of the packet to the second portion to generate a group header (Shimbo: Column 26 
Line 28 - 36 & Caronni : Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6 and 
Column 12 Line 11-19, Column 6 Line 8-10 Figure 2B : (a) Shimbo teaches 
appending a gateway source address with the source address of the packet to the 
second portion (Shimbo: Column 26 Line 28 - 36 & Caronni : Figure 2B & Column 12 
Line 11-19) and (b) Caronni teaches a Supernet is indeed a private network that has 
its own internal addressing scheme (Caronni: Column 6 Line 8-10) and a Supernet ID 
is included in the packet transformation qualified as a Group ID (Caronni: Column 7 Line 
7 - 1 3 and Column 9 Line 1 - 5 & Figure 6). 
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It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Shimbo within the system of Liu 
because (a) Liu teaches a mechanism to extend private networks onto a public 
infrastructure (Liu: Para [0015] and [0018]) / Caronni teaches modifying a IP packet 
format so that any type of delivery scheme may be assigned to any address or group of 
addresses (Caronni: Column 3 Line 19-25) and (b) Shimbo teaches providing an 
efficient, flexible and secured method to protect the data communication in any type of 
networks such as hierarchical organized or mobile computing environment by using a 
security gateway (Shimbo: Column 3 Line 39 - 50). 

transforming the second portion of the packet according to a group security 
association associated with the private network to provide a transformed portion which 
includes a transformed group header (Caronni : Column 7 Line 5 - 33, Column 3 Line 17 
- 21 and Column 1 1 Line 37 - 43: the mappings of the internal / private address, known 
as node ID, which is considered as a part of the group security association and the 
Supernet contains a modification to the IP packet format that can be used to separate 
network behavior from addressing and besides, the security association (SA) is related 
to Authentication Header (AH)); 

appending the first portion of the packet to the transformed portion to provide a 
transformed packet (Caronni : Figure 2B & Column 12 Line 1 1 - 19: the first portion is 
the SRC/DST real addresses according the protocol of the backbone is appended to the 
second portion of SRC/DST virtual addresses); and 

transmitting the transformed packet to the backbone using the private network 
address (Caronni : Column 3 Line 17 - 23). 
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As per claim 23, Liu / Caronni teaches an apparatus at a node for transforming 
packets for forwarding between a plurality of members of a group communicating on a 
scalable private network over a backbone, each of the plurality of group members 
communicating with the backbone via respective gateways; wherein the backbone 
operates according to a protocol (Caronni : Column 2 Line 14-35 and Column 4 Line 
38 - 52), the apparatus comprising: 

a key table, the key table including a security association for each group that the 
node is a member (Caronni : Column 7 Line 5 - 33 : VARPDB stores the mappings of 
the internal / private address, known as node ID, which is considered as a part of key 
table); 

transform logic operable to apply a security association to only a portion of each 
packet transmitted over the private network associated with each group to ensure that a 
remaining portion of the packet enabling communication over the backbone according to 
the protocol is preserved (Caronni : Figure 2B & Column 12 Line 11-19, Column 7 Line 
5 - 33, Column 3 Line 17-21 and Column 1 1 Line 37 - 43: only Supernet virtual 
address contains a modification to the IP packet format that can be used to separate 
network behavior for forwarding communication between members of the group using an 
private network address associated with the group and the portion of SRC/DST real 
address according the protocol of the backbone is preserved); and 

forwarding logic for forwarding communication between members of the group 
using an private network address associated with the group (Caronni : Column 3 Line 17 
-23). 

transform logic comprising means for modifying packets received from a source 
member of the group for transfer on a private network over the backbone by: extracting a 
private network address header from a received packet, the private network address 
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header including a source and destination address (Caronni: Column 6 Line 8-10, 
Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6: a Supernet is indeed a 
private network that has its own internal addressing scheme for transfer on a private 
network over the backbone). 

However, Liu / Caronni does not disclose expressly appending to the received 
packet, a group header including a group identifier associated with the private network 
and a gateway address associated with a source member; applying a security 
association to the received packet including the group header to provide a modified 
packet; appending the private network address header to the modified packet to provide 
a transformed packet, where only information in the transformed packet that enables 
communication over the backbone is unsecured. 

Shimbo (& Caronni) teaches appending to the received packet, a group header 
including a group identifier associated with the private network and a gateway address 
associated with a source member; applying a security association to the received packet 
including the group header to provide a modified packet; appending the private network 
address header to the modified packet to provide a transformed packet, where only 
information in the transformed packet that enables communication over the backbone is 
unsecured (Shimbo: Column 26 Line 28 - 36 & Caronni : Column 7 Line 7 - 13 and 
Column 9 Line 1 - 5 & Figure 6 and Column 12 Line 11-19, Column 6 Line 8-10 
Figure 2B : (a) Shimbo teaches appending a gateway source address with the source 
address of the packet to the second portion (Shimbo: Column 26 Line 28 - 36 & Caronni 
: Figure 2B & Column 12 Line 11-19) and (b) Caronni teaches a Supernet is indeed a 
private network that has its own internal addressing scheme (Caronni: Column 6 Line 8 
- 10) and a Supernet ID is included in the packet transformation qualified as a Group ID 
(Caronni: Column 7 Line 7-13 and Column 9 Line 1 - 5 & Figure 6 and (c) ESP, as per 
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IPSec protocol feature, can be used to provide confidentiality, authentication and 
integrity and besides, the key information included in the packet header can be used to 
secure information between peer-to-peer (using the same key) to protect private network 
addressing information except the backbone public network address that uses an open 
network addressing scheme (i.e. not secured) (Caronni: Figure 6 and Column 9 Line 1 - 
39). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Shimbo within the system of Liu 
because (a) Liu teaches a mechanism to extend private networks onto a public 
infrastructure (Liu: Para [0015] and [0018]) / Caronni teaches modifying a IP packet 
format so that any type of delivery scheme may be assigned to any address or group of 
addresses (Caronni: Column 3 Line 19-25) and (b) Shimbo teaches providing an 
efficient, flexible and secured method to protect the data communication in any type of 
networks such as hierarchical organized or mobile computing environment by using a 
security gateway (Shimbo: Column 3 Line 39 - 50). 

As per claim 4 and 26, Liu / Caronni as modified teaches the step of 
transforming is performed at the first member of the private network (Caronni : Column 2 
Line 27 - 32: terminal computer device D^. 

As per claim 6, Liu / Caronni as modified teaches the first portion of the packet 
comprises a first header, the first header having a type, source and destination, and 
wherein the group header comprise a group type, the gateway source address, group 
address and wherein the step of generating a group header includes the step of copying 
the type of the first header to the group type (Shimbo: Column 9 Line 15-39, Column 
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26 Line 28 - 36 & Caronni : Figure 2B & Column 1 2 Line 11-19, Column 3 Line 21-23 
and Column 5 Line 20 - 23: the next header field identifies the type of header 
immediately following the current header and thus it can obtained by copying the header 
type from the previous "next header field"). 



As per claim 8, Liu / Caronni as modified teaches the group security association 
is an Internet Protocol Security transform (Caronni : Column 9 Line 28: IPSec). 

As per claim 9, Liu / Caronni as modified teaches the group security association 
is an Encapsulated Security Protocol. (Caronni : Column 9 Line 28: ESP protocol). 

As per claim 1 1 , Liu / Caronni as modified teaches receiving, at each member 
of the private network, a key corresponding to the private network group security 
association (Caronni : Column 10 Line 26 - 29: KMS = Key Management Server). 

9. Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over Liu (U.S. 
Patent 2002/0154635), in view of Shimbo et al. (U.S. Patent 6,185,680), and in view of 
Alkhatib et al. (U.S. Patent 2003/0233454). 

As per claim 15, Liu does as modified not disclose expressly transforming is 
performed at a gateway device disposed between one of the at least two members of 
the virtual private network and the communication link. 

Alkhatib teaches transforming is performed at a gateway device disposed 
between one of the at least two members of the virtual private network and the 
communication link (Alkhatib : Par [0049] Line 14 - 17 and Para [0017] Line 1 - 8: (a) an 
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edge device is disposed between the first member of the private network and the 
backbone, and wherein the step of transforming is performed at the edge device and (b) 
a gateway, that changes and encapsulates the destination address, can be considered 
as an edge device, which also appears in the specification of the instant application 
(SPEC: Page 3 Line 14: Customer Edge device may also be referred to as a gateway 
device). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Alkhatib within the system of Liu 
because (a) Liu teaches a mechanism to extend private networks onto a public 
infrastructure (Liu: Para [0015] and [0018]) and (b) Alkhatib teaches providing a 
method to create a binding between public address and private address when 
communicating over a private network (Alkhatib : Para [0019]). 

10. Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Liu (U.S. 
Patent 2002/0154635). Liu (U.S. Patent 2002/0154635), which incorporates the 
reference of Caronni et al. (U.S. Patent 6,970,941) as shown in (Liu: Para [00021 ) in 
view of Shimbo et al. (U.S. Patent 6,185,680). 

As per claim 7, Liu as modified discloses the first header further includes a 
length, the group header further includes a group length, and wherein the method 
includes the steps of copying the length to the group length (Caronni : Column 7 Line 15 
- 16 : Examiner notes any of the standard protocol format obviously conforms to 
standard T / L / V fields (Type, Length, and Value) as a complete layout of a protocol 
specification). 
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1 1 . Claim 1 0 is rejected under 35 U.S.C. 1 03(a) as being unpatentable over Liu (U.S. 
Patent 2002/0154635), in view of Shimbo et al. (U.S. Patent 6,185,680), and in view of 
Boden et al. (U.S. Patent 6,330,562). 

As per claim 10, Liu as modified does not disclose expressly the group security 
association is an internet Key Encryption. 

Boden teaches the group security association is an Internet Key Encryption 
(Column 2 Line 4-5: IKE scheme). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Boden within the system of Liu because 
(a) Liu teaches a mechanism to extend private networks onto a public infrastructure over 
a VPN (Virtual Private Network) (Liu: Para [0015] and [0018]) and (b) Boden teaches 
providing a data model for abstracting customer-defined VPN security policy information 
to dynamically negotiate, create, delete, and maintain secure connections at the IP level 
with other VPN nodes (Boden : Abstract). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Longbit Chai whose telephone number is 571-272-3788. 
The examiner can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
.800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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